Refactor project integration identifiers from externalProjectId to clientId across the backend, including environment configuration, database schema, and API endpoints. Update test cases to reflect these changes for both custom and Neon integrations.

Author: fomalhautb

apps/backend/.env.development

@@ -41,4 +41,4 @@ STACK_ARTIFICIAL_DEVELOPMENT_DELAY_MS=50
 
 STACK_ENABLE_HARDCODED_PASSKEY_CHALLENGE_FOR_TESTING=yes
 
-STACK_INTEGRATION_CLIENTS_CONFIG=[{"client_id": "neon-local", "client_secret": "neon-local-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize", "http://localhost:30000/api/v2/auth/authorize"]}, {"client_id": "custom-local", "client_secret": "custom-local-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize", "http://localhost:30000/api/v2/auth/authorize"]}]
+STACK_INTEGRATION_CLIENTS_CONFIG=[{"client_id": "neon-dev", "client_secret": "neon-dev-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize", "http://localhost:30000/api/v2/auth/authorize"]}, {"client_id": "custom-dev", "client_secret": "custom-dev-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize", "http://localhost:30000/api/v2/auth/authorize"]}]

apps/backend/prisma/migrations/20250520185503_rename_neon/migration.sql

@@ -5,4 +5,4 @@ ALTER TYPE "VerificationCodeType" RENAME VALUE 'NEON_INTEGRATION_PROJECT_TRANSFE
 ALTER TABLE "NeonProvisionedProject" RENAME TO "ProvisionedProject";
 ALTER TABLE "ProvisionedProject" RENAME CONSTRAINT "NeonProvisionedProject_pkey" TO "ProvisionedProject_pkey";
 ALTER TABLE "ProvisionedProject" RENAME CONSTRAINT "NeonProvisionedProject_projectId_fkey" TO "ProvisionedProject_projectId_fkey";
-ALTER TABLE "ProvisionedProject" RENAME COLUMN "neonClientId" TO "externalProjectId";
+ALTER TABLE "ProvisionedProject" RENAME COLUMN "neonClientId" TO "clientId";

apps/backend/prisma/schema.prisma

@@ -641,7 +641,7 @@ model ProvisionedProject {
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
-  externalProjectId String
+  clientId String
 }
 
 //#region Events

apps/backend/src/app/api/latest/integrations/custom/projects/provision/route.tsx

@@ -54,7 +54,7 @@ export const POST = createSmartRouteHandler({
     await prismaClient.provisionedProject.create({
       data: {
         projectId: createdProject.id,
-        externalProjectId: clientId,
+        clientId: clientId,
       },
     });
 

apps/backend/src/app/api/latest/integrations/custom/projects/transfer/confirm/verification-code-handler.tsx

@@ -16,7 +16,7 @@ export const integrationProjectTransferCodeHandler = createVerificationCodeHandl
   },
   type: VerificationCodeType.INTEGRATION_PROJECT_TRANSFER,
   data: yupObject({
-    external_project_id: yupString().defined(),
+    client_id: yupString().defined(),
     project_id: yupString().defined(),
   }).defined(),
   method: yupObject({}),
@@ -34,7 +34,7 @@ export const integrationProjectTransferCodeHandler = createVerificationCodeHandl
     const provisionedProjects = await prismaClient.provisionedProject.findMany({
       where: {
         projectId: data.project_id,
-        externalProjectId: data.external_project_id,
+        clientId: data.client_id,
       },
     });
     if (provisionedProjects.length === 0) throw new StatusError(400, "The project to transfer was not provisioned or has already been transferred.");
@@ -48,7 +48,7 @@ export const integrationProjectTransferCodeHandler = createVerificationCodeHandl
       const provisionedProject = await tx.provisionedProject.deleteMany({
         where: {
           projectId: data.project_id,
-          externalProjectId: data.external_project_id,
+          clientId: data.client_id,
         },
       });
 

apps/backend/src/app/api/latest/integrations/custom/projects/transfer/route.tsx

@@ -15,7 +15,7 @@ async function validateAndGetTransferInfo(authorizationHeader: string, projectId
   const provisionedProject = await prismaClient.provisionedProject.findUnique({
     where: {
       projectId,
-      externalProjectId: clientId,
+      clientId: clientId,
     },
   });
   if (!provisionedProject) {
@@ -89,7 +89,7 @@ export const POST = createSmartRouteHandler({
       method: {},
       data: {
         project_id: provisionedProject.projectId,
-        external_project_id: provisionedProject.externalProjectId,
+        client_id: provisionedProject.clientId,
       },
       callbackUrl: new URL("/integrations/custom/projects/transfer/confirm", getEnvVariable("NEXT_PUBLIC_STACK_DASHBOARD_URL")),
       expiresInMs: 1000 * 60 * 60,

apps/backend/src/app/api/latest/integrations/neon/projects/provision/route.tsx

@@ -54,7 +54,7 @@ export const POST = createSmartRouteHandler({
     await prismaClient.provisionedProject.create({
       data: {
         projectId: createdProject.id,
-        externalProjectId: clientId,
+        clientId: clientId,
       },
     });
 

apps/backend/src/app/api/latest/integrations/neon/projects/transfer/confirm/verification-code-handler.tsx

@@ -34,7 +34,7 @@ export const neonIntegrationProjectTransferCodeHandler = createVerificationCodeH
     const provisionedProjects = await prismaClient.provisionedProject.findMany({
       where: {
         projectId: data.project_id,
-        externalProjectId: data.neon_client_id,
+        clientId: data.neon_client_id,
       },
     });
     if (provisionedProjects.length === 0) throw new StatusError(400, "The project to transfer was not provisioned by Neon or has already been transferred.");
@@ -48,7 +48,7 @@ export const neonIntegrationProjectTransferCodeHandler = createVerificationCodeH
       const provisionedProject = await tx.provisionedProject.deleteMany({
         where: {
           projectId: data.project_id,
-          externalProjectId: data.neon_client_id,
+          clientId: data.neon_client_id,
         },
       });
 

apps/backend/src/app/api/latest/integrations/neon/projects/transfer/route.tsx

@@ -15,7 +15,7 @@ async function validateAndGetTransferInfo(authorizationHeader: string, projectId
   const provisionedProject = await prismaClient.provisionedProject.findUnique({
     where: {
       projectId,
-      externalProjectId: clientId,
+      clientId: clientId,
     },
   });
   if (!provisionedProject) {
@@ -89,7 +89,7 @@ export const POST = createSmartRouteHandler({
       method: {},
       data: {
         project_id: provisionedProject.projectId,
-        neon_client_id: provisionedProject.externalProjectId,
+        neon_client_id: provisionedProject.clientId,
       },
       callbackUrl: new URL("/integrations/neon/projects/transfer/confirm", getEnvVariable("NEXT_PUBLIC_STACK_DASHBOARD_URL")),
       expiresInMs: 1000 * 60 * 60,

apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts

@@ -10,7 +10,7 @@ async function authorizePart1(redirectUri: string = "http://localhost:30000/api/
     method: "GET",
     query: {
       response_type: "code",
-      client_id: "custom-local",
+      client_id: "custom-dev",
       redirect_uri: redirectUri,
       state: encodeBase64Url(new TextEncoder().encode(JSON.stringify({ details: { external_project_name: 'custom-project' } }))),
       code_challenge: "xf6HY7PIgoaCf_eMniSt-45brYE2J_05C9BnfIbueik",
@@ -75,7 +75,7 @@ async function authorize(projectId: string) {
       NiceResponse {
         "status": 307,
         "headers": Headers {
-          "location": "http://localhost:8102/api/v1/integrations/custom/oauth/idp/auth?response_type=code&client_id=custom-local&redirect_uri=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&code_challenge=%3Cstripped+query+param%3E&code_challenge_method=S256&scope=openid",
+          "location": "http://localhost:8102/api/v1/integrations/custom/oauth/idp/auth?response_type=code&client_id=custom-dev&redirect_uri=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&code_challenge=%3Cstripped+query+param%3E&code_challenge_method=S256&scope=openid",
           <some fields may have been hidden>,
         },
       },
@@ -169,7 +169,7 @@ it(`should not redirect to the incorrect callback URL`, async ({}) => {
         NiceResponse {
           "status": 307,
           "headers": Headers {
-            "location": "http://localhost:8102/api/v1/integrations/custom/oauth/idp/auth?response_type=code&client_id=custom-local&redirect_uri=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&code_challenge=%3Cstripped+query+param%3E&code_challenge_method=S256&scope=openid",
+            "location": "http://localhost:8102/api/v1/integrations/custom/oauth/idp/auth?response_type=code&client_id=custom-dev&redirect_uri=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&code_challenge=%3Cstripped+query+param%3E&code_challenge_method=S256&scope=openid",
             <some fields may have been hidden>,
           },
         },
@@ -203,7 +203,7 @@ it(`should exchange the authorization code for an admin API key that works`, asy
       redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
     },
     headers: {
-      "Authorization": encodeBasicAuthorizationHeader("custom-local", "custom-local-secret")
+      "Authorization": encodeBasicAuthorizationHeader("custom-dev", "custom-dev-secret")
     },
   });
   expect(tokenResponse).toMatchInlineSnapshot(`
@@ -257,7 +257,7 @@ it(`should not exchange the authorization code when the client secret is incorre
       redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
     },
     headers: {
-      "Authorization": encodeBasicAuthorizationHeader("custom-local", "wrong-secret")
+      "Authorization": encodeBasicAuthorizationHeader("custom-dev", "wrong-secret")
     },
   });
   expect(tokenResponse).toMatchInlineSnapshot(`